From 09b34f7e0767a763bc488c59a215276922f7312b Mon Sep 17 00:00:00 2001
From: NicolasCantu <nicolas.cantu@pm.me>
Date: Sun, 26 Oct 2025 02:50:16 +0100
Subject: [PATCH] feat: implement wallet decryption in getDeviceFromDatabase
 for birthday-setup and all wallet loading

---
 src/services/service.ts | 51 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)

diff --git a/src/services/service.ts b/src/services/service.ts
index 7f75784..1270e07 100755
--- a/src/services/service.ts
+++ b/src/services/service.ts
@@ -1832,7 +1832,56 @@ export default class Services {
     const walletStore = 'wallet';
     try {
       const dbRes = await db.getObject(walletStore, '1');
-      if (dbRes) {
+      if (!dbRes) {
+        return null;
+      }
+
+      // Check if data is encrypted (new format) or plain (old format)
+      if (dbRes['encrypted_device']) {
+        // New encrypted format - need to decrypt
+        console.log('🔐 Wallet found in encrypted format, decrypting...');
+        
+        // Get the PBKDF2 key based on security mode
+        const { SecureCredentialsService } = await import('./secure-credentials.service');
+        const secureCredentialsService = SecureCredentialsService.getInstance();
+        
+        // Get all security modes to find which one works
+        const allSecurityModes = ['browser', 'otp', 'password', 'none', 'os', 'proton-pass'];
+        let pbkdf2Key: string | null = null;
+        let workingMode: string | null = null;
+        
+        for (const mode of allSecurityModes) {
+          try {
+            const key = await secureCredentialsService.retrievePBKDF2Key(mode as any);
+            if (key) {
+              pbkdf2Key = key;
+              workingMode = mode;
+              break;
+            }
+          } catch (e) {
+            // Continue to next mode
+          }
+        }
+        
+        if (!pbkdf2Key) {
+          throw new Error('Failed to retrieve PBKDF2 key - cannot decrypt wallet');
+        }
+        
+        // Decrypt the device
+        const { EncryptionService } = await import('./encryption.service');
+        const encryptionService = EncryptionService.getInstance();
+        
+        const decryptedDeviceString = await encryptionService.decrypt(
+          dbRes['encrypted_device'],
+          pbkdf2Key
+        );
+        
+        const decryptedDevice = JSON.parse(decryptedDeviceString);
+        console.log('✅ Wallet decrypted successfully');
+        return decryptedDevice;
+      } else if (dbRes['device']) {
+        // Old plain format (backward compatibility)
+        console.log('⚠️ Wallet found in old format (not encrypted)');
         return dbRes['device'];
       } else {
         return null;